How your car can be hacked remotely by a tiny device

Automakers need security bounty programs.

Yet another security researcher is demonstrating a better way to break into vehicle electronic systems, taking control from drivers in a way that could wreak havoc on the roads. While we aren't in imminent danger of wireless drive-by hacks on our cars, automakers must quickly take a more proactive role in discovering and plugging the holes in automotive computer networks before someone devises a practical exploit that requires no physical access to the car.

Automakers remain secretive about their in-vehicle computer security, but as hackers find new ways into these rolling networks, automakers need to open up, acknowledge the risks, and ask for help.

At the upcoming Black Hat Asia 2014 computer security conference in Singapore, a pair of Spanish security researchers will demonstrate a smartphone-sized circuit board dubbed the 'CAN Hacking Tool' (CHT), which they claim will let them remotely take partial control of many vehicles over a wireless Bluetooth connection.

Assembled from about $25 worth of parts, the CHT is connected to the OBD-II diagnostics port and tucked discreetly out of sight in a matter of minutes. Once installed, the intruders can connect wirelessly and tap into the vehicle network, which enables the sensors and computers to speak with each other and control the car. Previous demonstrations have required a cable interface with the CAN bus.

Intruders would still need initial physical access to install the device, and the limited 15- to 30-foot range of Bluetooth means they would have to remain close by to do anything nefarious, making this a proof of concept. However, it's just a matter of time before someone develops a longer-range WiFi or cellular version.

Embedded systems like General Motors' OnStar will eventually become the preferred attack vector because attackers using them will never need physical access to the car.

The potential attacks are limited right now because the in-vehicle networks remain encrypted—although encryption can be bypassed, as various retailers have found out when consumer credit card information has been compromised. Despite being limited, the range of commands is still frightening: Depending on the vehicle, the researchers have been able to toggle the headlights, open the windows, or even send commands to the brakes.

Technology companies including Microsoft, Google, and Facebook have been running bug bounty programs for the last several years, paying researchers who agree to submit security bugs they find before going public, and it's past time for automakers to consider doing the same.